@versini/auth-common 4.1.1 → 4.1.3

package/dist/index.js

@@ -1,28 +1,28 @@
 /*!
-  @versini/auth-common v4.1.1
+  @versini/auth-common v4.1.3
   © 2024 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
-    version: "4.1.1",
-    buildTime: "09/05/2024 04:25 PM EDT",
+    version: "4.1.3",
+    buildTime: "09/30/2024 01:36 PM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
 } catch {
 }
-const et = {
+const ct = {
   ID_TOKEN: "id_token",
   ACCESS_TOKEN: "token",
   ID_AND_ACCESS_TOKEN: "id_token token",
   CODE: "code",
   REFRESH_TOKEN: "refresh_token",
   PASSKEY: "passkey"
-}, tt = {
+}, st = {
   CLIENT_ID: "X-Auth-ClientId"
-}, ne = {
+}, se = {
   ACCESS_TOKEN: "access_token"
-}, R = {
+}, W = {
   ALG: "RS256",
   USER_ID_KEY: "sub",
   USERNAME_KEY: "username",
@@ -35,7 +35,7 @@ const et = {
   SCOPES_KEY: "scopes",
   CLIENT_ID_KEY: "aud",
   ISSUER: "gizmette.com"
-}, ae = `-----BEGIN PUBLIC KEY-----
+}, ue = `-----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7
 w5PKyTYLGAI2I6SIIdpe6i6DOCbEkmDz7LdVsBqwNtVi8gvWYIj+8ol6rU3qu1v5
 i1Jd45GSK4kzkVdgCmQZbM5ak0KI99q5wsrAIzUd+LRJ2HRvWtr5IYdsIiXaQjle
@@ -43,33 +43,33 @@ aMwPFOIcJH+rKfFgNcHLcaS5syp7zU1ANwZ+trgR+DifBr8TLVkBynmNeTyhDm2+
 l0haqjMk0UoNPPE8iYBWUHQJJE1Dqstj65d6Eh5g64Pao25y4cmYJbKjiblIGEkE
 sjqybA9mARAqh9k/eiIopecWSiffNQTwVQVd2I9ZH3BalhEXHlqFgrjz51kFqg81
 awIDAQAB
------END PUBLIC KEY-----`, rt = {
+-----END PUBLIC KEY-----`, ut = {
   ACCESS: "5m",
   ID: "90d",
   REFRESH: "90d"
-}, nt = {
+}, dt = {
   CODE: "code",
   LOGOUT: "logout",
   LOGIN: "login",
   REFRESH: "refresh"
-}, O = crypto, G = (e) => e instanceof CryptoKey, _ = new TextEncoder(), C = new TextDecoder();
-function oe(...e) {
-  const t = e.reduce((a, { length: o }) => a + o, 0), r = new Uint8Array(t);
+}, D = crypto, Q = (e) => e instanceof CryptoKey, I = new TextEncoder(), P = new TextDecoder();
+function de(...e) {
+  const t = e.reduce((o, { length: a }) => o + a, 0), r = new Uint8Array(t);
   let n = 0;
-  for (const a of e)
-    r.set(a, n), n += a.length;
+  for (const o of e)
+    r.set(o, n), n += o.length;
   return r;
 }
-const ie = (e) => {
+const fe = (e) => {
   const t = atob(e), r = new Uint8Array(t.length);
   for (let n = 0; n < t.length; n++)
     r[n] = t.charCodeAt(n);
   return r;
-}, b = (e) => {
+}, g = (e) => {
   let t = e;
-  t instanceof Uint8Array && (t = C.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
+  t instanceof Uint8Array && (t = P.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
   try {
-    return ie(t);
+    return fe(t);
   } catch {
     throw new TypeError("The input to be decoded is not correctly encoded.");
   }
@@ -87,19 +87,19 @@ class h extends A {
   static get code() {
     return "ERR_JWT_CLAIM_VALIDATION_FAILED";
   }
-  constructor(t, r, n = "unspecified", a = "unspecified") {
-    super(t), this.code = "ERR_JWT_CLAIM_VALIDATION_FAILED", this.claim = n, this.reason = a, this.payload = r;
+  constructor(t, r, n = "unspecified", o = "unspecified") {
+    super(t), this.code = "ERR_JWT_CLAIM_VALIDATION_FAILED", this.claim = n, this.reason = o, this.payload = r;
   }
 }
-class $ extends A {
+class B extends A {
   static get code() {
     return "ERR_JWT_EXPIRED";
   }
-  constructor(t, r, n = "unspecified", a = "unspecified") {
-    super(t), this.code = "ERR_JWT_EXPIRED", this.claim = n, this.reason = a, this.payload = r;
+  constructor(t, r, n = "unspecified", o = "unspecified") {
+    super(t), this.code = "ERR_JWT_EXPIRED", this.claim = n, this.reason = o, this.payload = r;
   }
 }
-class ce extends A {
+class le extends A {
   constructor() {
     super(...arguments), this.code = "ERR_JOSE_ALG_NOT_ALLOWED";
   }
@@ -107,7 +107,7 @@ class ce extends A {
     return "ERR_JOSE_ALG_NOT_ALLOWED";
   }
 }
-class w extends A {
+class p extends A {
   constructor() {
     super(...arguments), this.code = "ERR_JOSE_NOT_SUPPORTED";
   }
@@ -115,7 +115,7 @@ class w extends A {
     return "ERR_JOSE_NOT_SUPPORTED";
   }
 }
-class u extends A {
+class d extends A {
   constructor() {
     super(...arguments), this.code = "ERR_JWS_INVALID";
   }
@@ -131,7 +131,7 @@ class S extends A {
     return "ERR_JWT_INVALID";
   }
 }
-class se extends A {
+class he extends A {
   constructor() {
     super(...arguments), this.code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED", this.message = "signature verification failed";
   }
@@ -139,16 +139,16 @@ class se extends A {
     return "ERR_JWS_SIGNATURE_VERIFICATION_FAILED";
   }
 }
-function m(e, t = "algorithm.name") {
+function y(e, t = "algorithm.name") {
   return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`);
 }
-function v(e, t) {
+function R(e, t) {
   return e.name === t;
 }
-function W(e) {
+function N(e) {
   return parseInt(e.name.slice(4), 10);
 }
-function de(e) {
+function pe(e) {
   switch (e) {
     case "ES256":
       return "P-256";
@@ -160,7 +160,7 @@ function de(e) {
       throw new Error("unreachable");
   }
 }
-function ue(e, t) {
+function me(e, t) {
   if (t.length && !t.some((r) => e.usages.includes(r))) {
     let r = "CryptoKey does not support this operation, its usages must include ";
     if (t.length > 2) {
@@ -170,94 +170,94 @@ function ue(e, t) {
     throw new TypeError(r);
   }
 }
-function le(e, t, ...r) {
+function ye(e, t, ...r) {
   switch (t) {
     case "HS256":
     case "HS384":
     case "HS512": {
-      if (!v(e.algorithm, "HMAC"))
-        throw m("HMAC");
+      if (!R(e.algorithm, "HMAC"))
+        throw y("HMAC");
       const n = parseInt(t.slice(2), 10);
-      if (W(e.algorithm.hash) !== n)
-        throw m(`SHA-${n}`, "algorithm.hash");
+      if (N(e.algorithm.hash) !== n)
+        throw y(`SHA-${n}`, "algorithm.hash");
       break;
     }
     case "RS256":
     case "RS384":
     case "RS512": {
-      if (!v(e.algorithm, "RSASSA-PKCS1-v1_5"))
-        throw m("RSASSA-PKCS1-v1_5");
+      if (!R(e.algorithm, "RSASSA-PKCS1-v1_5"))
+        throw y("RSASSA-PKCS1-v1_5");
       const n = parseInt(t.slice(2), 10);
-      if (W(e.algorithm.hash) !== n)
-        throw m(`SHA-${n}`, "algorithm.hash");
+      if (N(e.algorithm.hash) !== n)
+        throw y(`SHA-${n}`, "algorithm.hash");
       break;
     }
     case "PS256":
     case "PS384":
     case "PS512": {
-      if (!v(e.algorithm, "RSA-PSS"))
-        throw m("RSA-PSS");
+      if (!R(e.algorithm, "RSA-PSS"))
+        throw y("RSA-PSS");
       const n = parseInt(t.slice(2), 10);
-      if (W(e.algorithm.hash) !== n)
-        throw m(`SHA-${n}`, "algorithm.hash");
+      if (N(e.algorithm.hash) !== n)
+        throw y(`SHA-${n}`, "algorithm.hash");
       break;
     }
     case "EdDSA": {
       if (e.algorithm.name !== "Ed25519" && e.algorithm.name !== "Ed448")
-        throw m("Ed25519 or Ed448");
+        throw y("Ed25519 or Ed448");
       break;
     }
     case "ES256":
     case "ES384":
     case "ES512": {
-      if (!v(e.algorithm, "ECDSA"))
-        throw m("ECDSA");
-      const n = de(t);
+      if (!R(e.algorithm, "ECDSA"))
+        throw y("ECDSA");
+      const n = pe(t);
       if (e.algorithm.namedCurve !== n)
-        throw m(n, "algorithm.namedCurve");
+        throw y(n, "algorithm.namedCurve");
       break;
     }
     default:
       throw new TypeError("CryptoKey does not support this operation");
   }
-  ue(e, r);
+  me(e, r);
 }
-function q(e, t, ...r) {
+function Z(e, t, ...r) {
   var n;
-  if (r.length > 2) {
-    const a = r.pop();
-    e += `one of type ${r.join(", ")}, or ${a}.`;
+  if (r = r.filter(Boolean), r.length > 2) {
+    const o = r.pop();
+    e += `one of type ${r.join(", ")}, or ${o}.`;
   } else r.length === 2 ? e += `one of type ${r[0]} or ${r[1]}.` : e += `of type ${r[0]}.`;
   return t == null ? e += ` Received ${t}` : typeof t == "function" && t.name ? e += ` Received function ${t.name}` : typeof t == "object" && t != null && (n = t.constructor) != null && n.name && (e += ` Received an instance of ${t.constructor.name}`), e;
 }
-const L = (e, ...t) => q("Key must be ", e, ...t);
-function z(e, t, ...r) {
-  return q(`Key for the ${e} algorithm must be `, t, ...r);
+const V = (e, ...t) => Z("Key must be ", e, ...t);
+function j(e, t, ...r) {
+  return Z(`Key for the ${e} algorithm must be `, t, ...r);
 }
-const X = (e) => G(e) ? !0 : (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", P = ["CryptoKey"], fe = (...e) => {
+const ee = (e) => Q(e) ? !0 : (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", x = ["CryptoKey"], Se = (...e) => {
   const t = e.filter(Boolean);
   if (t.length === 0 || t.length === 1)
     return !0;
   let r;
   for (const n of t) {
-    const a = Object.keys(n);
+    const o = Object.keys(n);
     if (!r || r.size === 0) {
-      r = new Set(a);
+      r = new Set(o);
       continue;
     }
-    for (const o of a) {
-      if (r.has(o))
+    for (const a of o) {
+      if (r.has(a))
         return !1;
-      r.add(o);
+      r.add(a);
     }
   }
   return !0;
 };
-function he(e) {
+function Ee(e) {
   return typeof e == "object" && e !== null;
 }
-function K(e) {
-  if (!he(e) || Object.prototype.toString.call(e) !== "[object Object]")
+function _(e) {
+  if (!Ee(e) || Object.prototype.toString.call(e) !== "[object Object]")
     return !1;
   if (Object.getPrototypeOf(e) === null)
     return !0;
@@ -266,14 +266,26 @@ function K(e) {
     t = Object.getPrototypeOf(t);
   return Object.getPrototypeOf(e) === t;
 }
-const pe = (e, t) => {
+const we = (e, t) => {
   if (e.startsWith("RS") || e.startsWith("PS")) {
     const { modulusLength: r } = t.algorithm;
     if (typeof r != "number" || r < 2048)
       throw new TypeError(`${e} requires key modulusLength to be 2048 bits or larger`);
   }
 };
-function me(e) {
+function K(e) {
+  return _(e) && typeof e.kty == "string";
+}
+function ge(e) {
+  return e.kty !== "oct" && typeof e.d == "string";
+}
+function be(e) {
+  return e.kty !== "oct" && typeof e.d > "u";
+}
+function Ae(e) {
+  return K(e) && e.kty === "oct" && typeof e.k == "string";
+}
+function Ce(e) {
   let t, r;
   switch (e.kty) {
     case "RSA": {
@@ -298,7 +310,7 @@ function me(e) {
           }, r = e.d ? ["decrypt", "unwrapKey"] : ["encrypt", "wrapKey"];
           break;
         default:
-          throw new w('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+          throw new p('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
       }
       break;
     }
@@ -320,7 +332,7 @@ function me(e) {
           t = { name: "ECDH", namedCurve: e.crv }, r = e.d ? ["deriveBits"] : [];
           break;
         default:
-          throw new w('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+          throw new p('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
       }
       break;
     }
@@ -336,168 +348,218 @@ function me(e) {
           t = { name: e.crv }, r = e.d ? ["deriveBits"] : [];
           break;
         default:
-          throw new w('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+          throw new p('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
       }
       break;
     }
     default:
-      throw new w('Invalid or unsupported JWK "kty" (Key Type) Parameter value');
+      throw new p('Invalid or unsupported JWK "kty" (Key Type) Parameter value');
   }
   return { algorithm: t, keyUsages: r };
 }
-const Se = async (e) => {
+const te = async (e) => {
   if (!e.alg)
     throw new TypeError('"alg" argument is required when "jwk.alg" is not present');
-  const { algorithm: t, keyUsages: r } = me(e), n = [
+  const { algorithm: t, keyUsages: r } = Ce(e), n = [
     t,
     e.ext ?? !1,
     e.key_ops ?? r
-  ], a = { ...e };
-  return delete a.alg, delete a.use, O.subtle.importKey("jwk", a, ...n);
-}, Q = (e) => b(e);
-let D, J;
-const Z = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", j = async (e, t, r, n) => {
+  ], o = { ...e };
+  return delete o.alg, delete o.use, D.subtle.importKey("jwk", o, ...n);
+}, re = (e) => g(e);
+let C, v;
+const ne = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", J = async (e, t, r, n, o = !1) => {
   let a = e.get(t);
   if (a != null && a[n])
     return a[n];
-  const o = await Se({ ...r, alg: n });
-  return a ? a[n] = o : e.set(t, { [n]: o }), o;
-}, ye = (e, t) => {
-  if (Z(e)) {
+  const i = await te({ ...r, alg: n });
+  return o && Object.freeze(t), a ? a[n] = i : e.set(t, { [n]: i }), i;
+}, ve = (e, t) => {
+  if (ne(e)) {
     let r = e.export({ format: "jwk" });
-    return delete r.d, delete r.dp, delete r.dq, delete r.p, delete r.q, delete r.qi, r.k ? Q(r.k) : (J || (J = /* @__PURE__ */ new WeakMap()), j(J, e, r, t));
+    return delete r.d, delete r.dp, delete r.dq, delete r.p, delete r.q, delete r.qi, r.k ? re(r.k) : (v || (v = /* @__PURE__ */ new WeakMap()), J(v, e, r, t));
   }
-  return e;
-}, Ee = (e, t) => {
-  if (Z(e)) {
+  return K(e) ? e.k ? g(e.k) : (v || (v = /* @__PURE__ */ new WeakMap()), J(v, e, e, t, !0)) : e;
+}, Te = (e, t) => {
+  if (ne(e)) {
     let r = e.export({ format: "jwk" });
-    return r.k ? Q(r.k) : (D || (D = /* @__PURE__ */ new WeakMap()), j(D, e, r, t));
+    return r.k ? re(r.k) : (C || (C = /* @__PURE__ */ new WeakMap()), J(C, e, r, t));
   }
-  return e;
-}, we = { normalizePublicKey: ye, normalizePrivateKey: Ee }, E = (e, t, r = 0) => {
+  return K(e) ? e.k ? g(e.k) : (C || (C = /* @__PURE__ */ new WeakMap()), J(C, e, e, t, !0)) : e;
+}, _e = { normalizePublicKey: ve, normalizePrivateKey: Te }, w = (e, t, r = 0) => {
   r === 0 && (t.unshift(t.length), t.unshift(6));
   const n = e.indexOf(t[0], r);
   if (n === -1)
     return !1;
-  const a = e.subarray(n, n + t.length);
-  return a.length !== t.length ? !1 : a.every((o, i) => o === t[i]) || E(e, t, n + 1);
-}, k = (e) => {
+  const o = e.subarray(n, n + t.length);
+  return o.length !== t.length ? !1 : o.every((a, i) => a === t[i]) || w(e, t, n + 1);
+}, F = (e) => {
   switch (!0) {
-    case E(e, [42, 134, 72, 206, 61, 3, 1, 7]):
+    case w(e, [42, 134, 72, 206, 61, 3, 1, 7]):
       return "P-256";
-    case E(e, [43, 129, 4, 0, 34]):
+    case w(e, [43, 129, 4, 0, 34]):
       return "P-384";
-    case E(e, [43, 129, 4, 0, 35]):
+    case w(e, [43, 129, 4, 0, 35]):
       return "P-521";
-    case E(e, [43, 101, 110]):
+    case w(e, [43, 101, 110]):
       return "X25519";
-    case E(e, [43, 101, 111]):
+    case w(e, [43, 101, 111]):
       return "X448";
-    case E(e, [43, 101, 112]):
+    case w(e, [43, 101, 112]):
       return "Ed25519";
-    case E(e, [43, 101, 113]):
+    case w(e, [43, 101, 113]):
       return "Ed448";
     default:
-      throw new w("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
+      throw new p("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
   }
-}, ge = async (e, t, r, n, a) => {
-  let o, i;
+}, Ke = async (e, t, r, n, o) => {
+  let a, i;
   const c = new Uint8Array(atob(r.replace(e, "")).split("").map((s) => s.charCodeAt(0)));
   switch (n) {
     case "PS256":
     case "PS384":
     case "PS512":
-      o = { name: "RSA-PSS", hash: `SHA-${n.slice(-3)}` }, i = ["verify"];
+      a = { name: "RSA-PSS", hash: `SHA-${n.slice(-3)}` }, i = ["verify"];
       break;
     case "RS256":
     case "RS384":
     case "RS512":
-      o = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${n.slice(-3)}` }, i = ["verify"];
+      a = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${n.slice(-3)}` }, i = ["verify"];
       break;
     case "RSA-OAEP":
     case "RSA-OAEP-256":
     case "RSA-OAEP-384":
     case "RSA-OAEP-512":
-      o = {
+      a = {
         name: "RSA-OAEP",
         hash: `SHA-${parseInt(n.slice(-3), 10) || 1}`
       }, i = ["encrypt", "wrapKey"];
       break;
     case "ES256":
-      o = { name: "ECDSA", namedCurve: "P-256" }, i = ["verify"];
+      a = { name: "ECDSA", namedCurve: "P-256" }, i = ["verify"];
       break;
     case "ES384":
-      o = { name: "ECDSA", namedCurve: "P-384" }, i = ["verify"];
+      a = { name: "ECDSA", namedCurve: "P-384" }, i = ["verify"];
       break;
     case "ES512":
-      o = { name: "ECDSA", namedCurve: "P-521" }, i = ["verify"];
+      a = { name: "ECDSA", namedCurve: "P-521" }, i = ["verify"];
       break;
     case "ECDH-ES":
     case "ECDH-ES+A128KW":
     case "ECDH-ES+A192KW":
     case "ECDH-ES+A256KW": {
-      const s = k(c);
-      o = s.startsWith("P-") ? { name: "ECDH", namedCurve: s } : { name: s }, i = [];
+      const s = F(c);
+      a = s.startsWith("P-") ? { name: "ECDH", namedCurve: s } : { name: s }, i = [];
       break;
     }
     case "EdDSA":
-      o = { name: k(c) }, i = ["verify"];
+      a = { name: F(c) }, i = ["verify"];
       break;
     default:
-      throw new w('Invalid or unsupported "alg" (Algorithm) value');
+      throw new p('Invalid or unsupported "alg" (Algorithm) value');
   }
-  return O.subtle.importKey(t, c, o, !1, i);
-}, Ae = (e, t, r) => ge(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
-async function be(e, t, r) {
+  return D.subtle.importKey(t, c, a, !1, i);
+}, Pe = (e, t, r) => Ke(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
+async function Ie(e, t, r) {
   if (e.indexOf("-----BEGIN PUBLIC KEY-----") !== 0)
     throw new TypeError('"spki" must be SPKI formatted string');
-  return Ae(e, t);
+  return Pe(e, t);
+}
+async function Re(e, t) {
+  if (!_(e))
+    throw new TypeError("JWK must be an object");
+  switch (t || (t = e.alg), e.kty) {
+    case "oct":
+      if (typeof e.k != "string" || !e.k)
+        throw new TypeError('missing "k" (Key Value) Parameter value');
+      return g(e.k);
+    case "RSA":
+      if (e.oth !== void 0)
+        throw new p('RSA JWK "oth" (Other Primes Info) Parameter value is not supported');
+    case "EC":
+    case "OKP":
+      return te({ ...e, alg: t });
+    default:
+      throw new p('Unsupported "kty" (Key Type) Parameter value');
+  }
 }
-const I = (e) => e == null ? void 0 : e[Symbol.toStringTag], Ce = (e, t) => {
+const T = (e) => e == null ? void 0 : e[Symbol.toStringTag], $ = (e, t, r) => {
+  var n, o;
+  if (t.use !== void 0 && t.use !== "sig")
+    throw new TypeError("Invalid key for this operation, when present its use must be sig");
+  if (t.key_ops !== void 0 && ((o = (n = t.key_ops).includes) == null ? void 0 : o.call(n, r)) !== !0)
+    throw new TypeError(`Invalid key for this operation, when present its key_ops must include ${r}`);
+  if (t.alg !== void 0 && t.alg !== e)
+    throw new TypeError(`Invalid key for this operation, when present its alg must be ${e}`);
+  return !0;
+}, Oe = (e, t, r, n) => {
   if (!(t instanceof Uint8Array)) {
-    if (!X(t))
-      throw new TypeError(z(e, t, ...P, "Uint8Array"));
+    if (n && K(t)) {
+      if (Ae(t) && $(e, t, r))
+        return;
+      throw new TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present');
+    }
+    if (!ee(t))
+      throw new TypeError(j(e, t, ...x, "Uint8Array", n ? "JSON Web Key" : null));
     if (t.type !== "secret")
-      throw new TypeError(`${I(t)} instances for symmetric algorithms must be of type "secret"`);
-  }
-}, _e = (e, t, r) => {
-  if (!X(t))
-    throw new TypeError(z(e, t, ...P));
+      throw new TypeError(`${T(t)} instances for symmetric algorithms must be of type "secret"`);
+  }
+}, We = (e, t, r, n) => {
+  if (n && K(t))
+    switch (r) {
+      case "sign":
+        if (ge(t) && $(e, t, r))
+          return;
+        throw new TypeError("JSON Web Key for this operation be a private JWK");
+      case "verify":
+        if (be(t) && $(e, t, r))
+          return;
+        throw new TypeError("JSON Web Key for this operation be a public JWK");
+    }
+  if (!ee(t))
+    throw new TypeError(j(e, t, ...x, n ? "JSON Web Key" : null));
   if (t.type === "secret")
-    throw new TypeError(`${I(t)} instances for asymmetric algorithms must not be of type "secret"`);
+    throw new TypeError(`${T(t)} instances for asymmetric algorithms must not be of type "secret"`);
+  if (r === "sign" && t.type === "public")
+    throw new TypeError(`${T(t)} instances for asymmetric algorithm signing must be of type "private"`);
+  if (r === "decrypt" && t.type === "public")
+    throw new TypeError(`${T(t)} instances for asymmetric algorithm decryption must be of type "private"`);
   if (t.algorithm && r === "verify" && t.type === "private")
-    throw new TypeError(`${I(t)} instances for asymmetric algorithm verifying must be of type "public"`);
+    throw new TypeError(`${T(t)} instances for asymmetric algorithm verifying must be of type "public"`);
   if (t.algorithm && r === "encrypt" && t.type === "private")
-    throw new TypeError(`${I(t)} instances for asymmetric algorithm encryption must be of type "public"`);
-}, ve = (e, t, r) => {
-  e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? Ce(e, t) : _e(e, t, r);
+    throw new TypeError(`${T(t)} instances for asymmetric algorithm encryption must be of type "public"`);
 };
-function Te(e, t, r, n, a) {
-  if (a.crit !== void 0 && (n == null ? void 0 : n.crit) === void 0)
+function oe(e, t, r, n) {
+  t.startsWith("HS") || t === "dir" || t.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(t) ? Oe(t, r, n, e) : We(t, r, n, e);
+}
+oe.bind(void 0, !1);
+const Y = oe.bind(void 0, !0);
+function xe(e, t, r, n, o) {
+  if (o.crit !== void 0 && (n == null ? void 0 : n.crit) === void 0)
     throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');
   if (!n || n.crit === void 0)
     return /* @__PURE__ */ new Set();
   if (!Array.isArray(n.crit) || n.crit.length === 0 || n.crit.some((i) => typeof i != "string" || i.length === 0))
     throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');
-  let o;
-  r !== void 0 ? o = new Map([...Object.entries(r), ...t.entries()]) : o = t;
+  let a;
+  r !== void 0 ? a = new Map([...Object.entries(r), ...t.entries()]) : a = t;
   for (const i of n.crit) {
-    if (!o.has(i))
-      throw new w(`Extension Header Parameter "${i}" is not recognized`);
-    if (a[i] === void 0)
+    if (!a.has(i))
+      throw new p(`Extension Header Parameter "${i}" is not recognized`);
+    if (o[i] === void 0)
       throw new e(`Extension Header Parameter "${i}" is missing`);
-    if (o.get(i) && n[i] === void 0)
+    if (a.get(i) && n[i] === void 0)
       throw new e(`Extension Header Parameter "${i}" MUST be integrity protected`);
   }
   return new Set(n.crit);
 }
-const Ie = (e, t) => {
+const Je = (e, t) => {
   if (t !== void 0 && (!Array.isArray(t) || t.some((r) => typeof r != "string")))
     throw new TypeError(`"${e}" option must be an array of strings`);
   if (t)
     return new Set(t);
 };
-function Re(e, t) {
+function De(e, t) {
   const r = `SHA-${e.slice(-3)}`;
   switch (e) {
     case "HS256":
@@ -519,214 +581,214 @@ function Re(e, t) {
     case "EdDSA":
       return { name: t.name };
     default:
-      throw new w(`alg ${e} is not supported either by JOSE or your javascript runtime`);
+      throw new p(`alg ${e} is not supported either by JOSE or your javascript runtime`);
   }
 }
-async function Pe(e, t, r) {
-  if (t = await we.normalizePublicKey(t, e), G(t))
-    return le(t, e, r), t;
+async function He(e, t, r) {
+  if (t = await _e.normalizePublicKey(t, e), Q(t))
+    return ye(t, e, r), t;
   if (t instanceof Uint8Array) {
     if (!e.startsWith("HS"))
-      throw new TypeError(L(t, ...P));
-    return O.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [r]);
+      throw new TypeError(V(t, ...x));
+    return D.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [r]);
   }
-  throw new TypeError(L(t, ...P, "Uint8Array"));
+  throw new TypeError(V(t, ...x, "Uint8Array", "JSON Web Key"));
 }
-const Ke = async (e, t, r, n) => {
-  const a = await Pe(e, t, "verify");
-  pe(e, a);
-  const o = Re(e, a.algorithm);
+const Ne = async (e, t, r, n) => {
+  const o = await He(e, t, "verify");
+  we(e, o);
+  const a = De(e, o.algorithm);
   try {
-    return await O.subtle.verify(o, a, r, n);
+    return await D.subtle.verify(a, o, r, n);
   } catch {
     return !1;
   }
 };
-async function Oe(e, t, r) {
-  if (!K(e))
-    throw new u("Flattened JWS must be an object");
+async function Ue(e, t, r) {
+  if (!_(e))
+    throw new d("Flattened JWS must be an object");
   if (e.protected === void 0 && e.header === void 0)
-    throw new u('Flattened JWS must have either of the "protected" or "header" members');
+    throw new d('Flattened JWS must have either of the "protected" or "header" members');
   if (e.protected !== void 0 && typeof e.protected != "string")
-    throw new u("JWS Protected Header incorrect type");
+    throw new d("JWS Protected Header incorrect type");
   if (e.payload === void 0)
-    throw new u("JWS Payload missing");
+    throw new d("JWS Payload missing");
   if (typeof e.signature != "string")
-    throw new u("JWS Signature missing or incorrect type");
-  if (e.header !== void 0 && !K(e.header))
-    throw new u("JWS Unprotected Header incorrect type");
+    throw new d("JWS Signature missing or incorrect type");
+  if (e.header !== void 0 && !_(e.header))
+    throw new d("JWS Unprotected Header incorrect type");
   let n = {};
   if (e.protected)
     try {
-      const x = b(e.protected);
-      n = JSON.parse(C.decode(x));
+      const H = g(e.protected);
+      n = JSON.parse(P.decode(H));
     } catch {
-      throw new u("JWS Protected Header is invalid");
+      throw new d("JWS Protected Header is invalid");
     }
-  if (!fe(n, e.header))
-    throw new u("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
-  const a = {
+  if (!Se(n, e.header))
+    throw new d("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
+  const o = {
     ...n,
     ...e.header
-  }, o = Te(u, /* @__PURE__ */ new Map([["b64", !0]]), r == null ? void 0 : r.crit, n, a);
+  }, a = xe(d, /* @__PURE__ */ new Map([["b64", !0]]), r == null ? void 0 : r.crit, n, o);
   let i = !0;
-  if (o.has("b64") && (i = n.b64, typeof i != "boolean"))
-    throw new u('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
-  const { alg: c } = a;
+  if (a.has("b64") && (i = n.b64, typeof i != "boolean"))
+    throw new d('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
+  const { alg: c } = o;
   if (typeof c != "string" || !c)
-    throw new u('JWS "alg" (Algorithm) Header Parameter missing or invalid');
-  const s = r && Ie("algorithms", r.algorithms);
+    throw new d('JWS "alg" (Algorithm) Header Parameter missing or invalid');
+  const s = r && Je("algorithms", r.algorithms);
   if (s && !s.has(c))
-    throw new ce('"alg" (Algorithm) Header Parameter value not allowed');
+    throw new le('"alg" (Algorithm) Header Parameter value not allowed');
   if (i) {
     if (typeof e.payload != "string")
-      throw new u("JWS Payload must be a string");
+      throw new d("JWS Payload must be a string");
   } else if (typeof e.payload != "string" && !(e.payload instanceof Uint8Array))
-    throw new u("JWS Payload must be a string or an Uint8Array instance");
-  let p = !1;
-  typeof t == "function" && (t = await t(n, e), p = !0), ve(c, t, "verify");
-  const g = oe(_.encode(e.protected ?? ""), _.encode("."), typeof e.payload == "string" ? _.encode(e.payload) : e.payload);
-  let f;
+    throw new d("JWS Payload must be a string or an Uint8Array instance");
+  let m = !1;
+  typeof t == "function" ? (t = await t(n, e), m = !0, Y(c, t, "verify"), K(t) && (t = await Re(t, c))) : Y(c, t, "verify");
+  const b = de(I.encode(e.protected ?? ""), I.encode("."), typeof e.payload == "string" ? I.encode(e.payload) : e.payload);
+  let l;
   try {
-    f = b(e.signature);
+    l = g(e.signature);
   } catch {
-    throw new u("Failed to base64url decode the signature");
+    throw new d("Failed to base64url decode the signature");
   }
-  if (!await Ke(c, t, f, g))
-    throw new se();
-  let y;
+  if (!await Ne(c, t, l, b))
+    throw new he();
+  let E;
   if (i)
     try {
-      y = b(e.payload);
+      E = g(e.payload);
     } catch {
-      throw new u("Failed to base64url decode the payload");
+      throw new d("Failed to base64url decode the payload");
     }
-  else typeof e.payload == "string" ? y = _.encode(e.payload) : y = e.payload;
-  const l = { payload: y };
-  return e.protected !== void 0 && (l.protectedHeader = n), e.header !== void 0 && (l.unprotectedHeader = e.header), p ? { ...l, key: t } : l;
-}
-async function xe(e, t, r) {
-  if (e instanceof Uint8Array && (e = C.decode(e)), typeof e != "string")
-    throw new u("Compact JWS must be a string or Uint8Array");
-  const { 0: n, 1: a, 2: o, length: i } = e.split(".");
+  else typeof e.payload == "string" ? E = I.encode(e.payload) : E = e.payload;
+  const f = { payload: E };
+  return e.protected !== void 0 && (f.protectedHeader = n), e.header !== void 0 && (f.unprotectedHeader = e.header), m ? { ...f, key: t } : f;
+}
+async function $e(e, t, r) {
+  if (e instanceof Uint8Array && (e = P.decode(e)), typeof e != "string")
+    throw new d("Compact JWS must be a string or Uint8Array");
+  const { 0: n, 1: o, 2: a, length: i } = e.split(".");
   if (i !== 3)
-    throw new u("Invalid Compact JWS");
-  const c = await Oe({ payload: a, protected: n, signature: o }, t, r), s = { payload: c.payload, protectedHeader: c.protectedHeader };
+    throw new d("Invalid Compact JWS");
+  const c = await Ue({ payload: o, protected: n, signature: a }, t, r), s = { payload: c.payload, protectedHeader: c.protectedHeader };
   return typeof t == "function" ? { ...s, key: c.key } : s;
 }
-const We = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, N = te * 24, De = N * 7, Je = N * 365.25, He = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, M = (e) => {
-  const t = He.exec(e);
+const Le = (e) => Math.floor(e.getTime() / 1e3), ae = 60, ie = ae * 60, L = ie * 24, Me = L * 7, Be = L * 365.25, Ve = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, k = (e) => {
+  const t = Ve.exec(e);
   if (!t || t[4] && t[1])
     throw new TypeError("Invalid time period format");
   const r = parseFloat(t[2]), n = t[3].toLowerCase();
-  let a;
+  let o;
   switch (n) {
     case "sec":
     case "secs":
     case "second":
     case "seconds":
     case "s":
-      a = Math.round(r);
+      o = Math.round(r);
       break;
     case "minute":
     case "minutes":
     case "min":
     case "mins":
     case "m":
-      a = Math.round(r * ee);
+      o = Math.round(r * ae);
       break;
     case "hour":
     case "hours":
     case "hr":
     case "hrs":
     case "h":
-      a = Math.round(r * te);
+      o = Math.round(r * ie);
       break;
     case "day":
     case "days":
     case "d":
-      a = Math.round(r * N);
+      o = Math.round(r * L);
       break;
     case "week":
     case "weeks":
     case "w":
-      a = Math.round(r * De);
+      o = Math.round(r * Me);
       break;
     default:
-      a = Math.round(r * Je);
+      o = Math.round(r * Be);
       break;
   }
-  return t[1] === "-" || t[4] === "ago" ? -a : a;
-}, B = (e) => e.toLowerCase().replace(/^application\//, ""), Ne = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, Ue = (e, t, r = {}) => {
+  return t[1] === "-" || t[4] === "ago" ? -o : o;
+}, G = (e) => e.toLowerCase().replace(/^application\//, ""), Fe = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, Ye = (e, t, r = {}) => {
   let n;
   try {
-    n = JSON.parse(C.decode(t));
+    n = JSON.parse(P.decode(t));
   } catch {
   }
-  if (!K(n))
+  if (!_(n))
     throw new S("JWT Claims Set must be a top-level JSON object");
-  const { typ: a } = r;
-  if (a && (typeof e.typ != "string" || B(e.typ) !== B(a)))
+  const { typ: o } = r;
+  if (o && (typeof e.typ != "string" || G(e.typ) !== G(o)))
     throw new h('unexpected "typ" JWT header value', n, "typ", "check_failed");
-  const { requiredClaims: o = [], issuer: i, subject: c, audience: s, maxTokenAge: p } = r, g = [...o];
-  p !== void 0 && g.push("iat"), s !== void 0 && g.push("aud"), c !== void 0 && g.push("sub"), i !== void 0 && g.push("iss");
-  for (const l of new Set(g.reverse()))
-    if (!(l in n))
-      throw new h(`missing required "${l}" claim`, n, l, "missing");
+  const { requiredClaims: a = [], issuer: i, subject: c, audience: s, maxTokenAge: m } = r, b = [...a];
+  m !== void 0 && b.push("iat"), s !== void 0 && b.push("aud"), c !== void 0 && b.push("sub"), i !== void 0 && b.push("iss");
+  for (const f of new Set(b.reverse()))
+    if (!(f in n))
+      throw new h(`missing required "${f}" claim`, n, f, "missing");
   if (i && !(Array.isArray(i) ? i : [i]).includes(n.iss))
     throw new h('unexpected "iss" claim value', n, "iss", "check_failed");
   if (c && n.sub !== c)
     throw new h('unexpected "sub" claim value', n, "sub", "check_failed");
-  if (s && !Ne(n.aud, typeof s == "string" ? [s] : s))
+  if (s && !Fe(n.aud, typeof s == "string" ? [s] : s))
     throw new h('unexpected "aud" claim value', n, "aud", "check_failed");
-  let f;
+  let l;
   switch (typeof r.clockTolerance) {
     case "string":
-      f = M(r.clockTolerance);
+      l = k(r.clockTolerance);
       break;
     case "number":
-      f = r.clockTolerance;
+      l = r.clockTolerance;
       break;
     case "undefined":
-      f = 0;
+      l = 0;
       break;
     default:
       throw new TypeError("Invalid clockTolerance option type");
   }
-  const { currentDate: U } = r, y = We(U || /* @__PURE__ */ new Date());
-  if ((n.iat !== void 0 || p) && typeof n.iat != "number")
+  const { currentDate: M } = r, E = Le(M || /* @__PURE__ */ new Date());
+  if ((n.iat !== void 0 || m) && typeof n.iat != "number")
     throw new h('"iat" claim must be a number', n, "iat", "invalid");
   if (n.nbf !== void 0) {
     if (typeof n.nbf != "number")
       throw new h('"nbf" claim must be a number', n, "nbf", "invalid");
-    if (n.nbf > y + f)
+    if (n.nbf > E + l)
       throw new h('"nbf" claim timestamp check failed', n, "nbf", "check_failed");
   }
   if (n.exp !== void 0) {
     if (typeof n.exp != "number")
       throw new h('"exp" claim must be a number', n, "exp", "invalid");
-    if (n.exp <= y - f)
-      throw new $('"exp" claim timestamp check failed', n, "exp", "check_failed");
-  }
-  if (p) {
-    const l = y - n.iat, x = typeof p == "number" ? p : M(p);
-    if (l - f > x)
-      throw new $('"iat" claim timestamp check failed (too far in the past)', n, "iat", "check_failed");
-    if (l < 0 - f)
+    if (n.exp <= E - l)
+      throw new B('"exp" claim timestamp check failed', n, "exp", "check_failed");
+  }
+  if (m) {
+    const f = E - n.iat, H = typeof m == "number" ? m : k(m);
+    if (f - l > H)
+      throw new B('"iat" claim timestamp check failed (too far in the past)', n, "iat", "check_failed");
+    if (f < 0 - l)
       throw new h('"iat" claim timestamp check failed (it should be in the past)', n, "iat", "check_failed");
   }
   return n;
 };
-async function $e(e, t, r) {
+async function ke(e, t, r) {
   var i;
-  const n = await xe(e, t, r);
+  const n = await $e(e, t, r);
   if ((i = n.protectedHeader.crit) != null && i.includes("b64") && n.protectedHeader.b64 === !1)
     throw new S("JWTs MUST NOT use unencoded payload");
-  const o = { payload: Ue(n.protectedHeader, n.payload, r), protectedHeader: n.protectedHeader };
-  return typeof t == "function" ? { ...o, key: n.key } : o;
+  const a = { payload: Ye(n.protectedHeader, n.payload, r), protectedHeader: n.protectedHeader };
+  return typeof t == "function" ? { ...a, key: n.key } : a;
 }
-const Le = b;
-function ke(e) {
+const Ge = g;
+function qe(e) {
   if (typeof e != "string")
     throw new S("JWTs must use Compact JWS serialization, JWT must be a string");
   const { 1: t, length: r } = e.split(".");
@@ -738,134 +800,134 @@ function ke(e) {
     throw new S("JWTs must contain a payload");
   let n;
   try {
-    n = Le(t);
+    n = Ge(t);
   } catch {
     throw new S("Failed to base64url decode the payload");
   }
-  let a;
+  let o;
   try {
-    a = JSON.parse(C.decode(n));
+    o = JSON.parse(P.decode(n));
   } catch {
     throw new S("Failed to parse the decoded payload as JSON");
   }
-  if (!K(a))
+  if (!_(o))
     throw new S("Invalid JWT Claims Set");
-  return a;
+  return o;
 }
-const Me = async (e) => {
+const ze = async (e) => {
   try {
-    const t = R.ALG, n = await be(ae, t);
-    return await $e(e, n, {
-      issuer: R.ISSUER
+    const t = W.ALG, n = await Ie(ue, t);
+    return await ke(e, n, {
+      issuer: W.ISSUER
     });
   } catch {
     return;
   }
-}, at = (e) => {
+}, ft = (e) => {
   try {
-    return ke(e);
+    return qe(e);
   } catch {
     return;
   }
 };
-var d = [];
-for (var H = 0; H < 256; ++H)
-  d.push((H + 256).toString(16).slice(1));
-function Be(e, t = 0) {
-  return (d[e[t + 0]] + d[e[t + 1]] + d[e[t + 2]] + d[e[t + 3]] + "-" + d[e[t + 4]] + d[e[t + 5]] + "-" + d[e[t + 6]] + d[e[t + 7]] + "-" + d[e[t + 8]] + d[e[t + 9]] + "-" + d[e[t + 10]] + d[e[t + 11]] + d[e[t + 12]] + d[e[t + 13]] + d[e[t + 14]] + d[e[t + 15]]).toLowerCase();
-}
-var T, Fe = new Uint8Array(16);
-function Ye() {
-  if (!T && (T = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !T))
+var u = [];
+for (var U = 0; U < 256; ++U)
+  u.push((U + 256).toString(16).slice(1));
+function Xe(e, t = 0) {
+  return (u[e[t + 0]] + u[e[t + 1]] + u[e[t + 2]] + u[e[t + 3]] + "-" + u[e[t + 4]] + u[e[t + 5]] + "-" + u[e[t + 6]] + u[e[t + 7]] + "-" + u[e[t + 8]] + u[e[t + 9]] + "-" + u[e[t + 10]] + u[e[t + 11]] + u[e[t + 12]] + u[e[t + 13]] + u[e[t + 14]] + u[e[t + 15]]).toLowerCase();
+}
+var O, Qe = new Uint8Array(16);
+function Ze() {
+  if (!O && (O = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !O))
     throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
-  return T(Fe);
+  return O(Qe);
 }
-var Ve = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
-const F = {
-  randomUUID: Ve
+var je = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
+const q = {
+  randomUUID: je
 };
-function Y(e, t, r) {
-  if (F.randomUUID && !t && !e)
-    return F.randomUUID();
+function z(e, t, r) {
+  if (q.randomUUID && !t && !e)
+    return q.randomUUID();
   e = e || {};
-  var n = e.random || (e.rng || Ye)();
-  return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, Be(n);
+  var n = e.random || (e.rng || Ze)();
+  return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, Xe(n);
 }
-const V = globalThis.crypto, Ge = (e) => `${Y()}${Y()}`.slice(0, e), qe = (e) => btoa(
+const X = globalThis.crypto, et = (e) => `${z()}${z()}`.slice(0, e), tt = (e) => btoa(
   [...new Uint8Array(e)].map((t) => String.fromCharCode(t)).join("")
 );
-async function re(e) {
-  if (!V.subtle)
+async function ce(e) {
+  if (!X.subtle)
     throw new Error(
       "crypto.subtle is available only in secure contexts (HTTPS)."
     );
-  const t = new TextEncoder().encode(e), r = await V.subtle.digest("SHA-256", t);
-  return qe(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+  const t = new TextEncoder().encode(e), r = await X.subtle.digest("SHA-256", t);
+  return tt(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
 }
-async function ot(e) {
+async function lt(e) {
   const t = e || 43;
   if (t < 43 || t > 128)
     throw `Expected a length between 43 and 128. Received ${e}.`;
-  const r = Ge(t), n = await re(r);
+  const r = et(t), n = await ce(r);
   return {
     code_verifier: r,
     code_challenge: n
   };
 }
-async function it(e, t) {
-  return t === await re(e);
+async function ht(e, t) {
+  return t === await ce(e);
 }
-const ze = /^Bearer (.+)$/i, Xe = (e) => {
+const rt = /^Bearer (.+)$/i, nt = (e) => {
   if (typeof (e == null ? void 0 : e.authorization) != "string")
     return;
-  const t = e.authorization.match(ze);
+  const t = e.authorization.match(rt);
   if (t)
     return t[1];
-}, Qe = (e, t) => {
+}, ot = (e, t) => {
   const r = e == null ? void 0 : e.cookie;
   if (typeof r != "string")
     return;
-  const n = new RegExp(`auth.${t}=(.+?)(?:;|$)`), a = r.match(n);
-  if (a)
-    return a[1];
-}, Ze = (e) => {
-  const t = e == null ? void 0 : e[ne.ACCESS_TOKEN];
+  const n = new RegExp(`auth.${t}=(.+?)(?:;|$)`), o = r.match(n);
+  if (o)
+    return o[1];
+}, at = (e) => {
+  const t = e == null ? void 0 : e[se.ACCESS_TOKEN];
   if (typeof t == "string")
     return t;
-}, ct = ({ headers: e, body: t, clientId: r }) => {
-  const n = Xe(e), a = Qe(e, r);
-  return Ze(t) || a || n || "";
-}, st = async (e, t) => {
-  var a;
-  const r = await Me(e);
-  if (!r || !Array.isArray((a = r.payload) == null ? void 0 : a[R.SCOPES_KEY]))
+}, pt = ({ headers: e, body: t, clientId: r }) => {
+  const n = nt(e), o = ot(e, r);
+  return at(t) || o || n || "";
+}, mt = async (e, t) => {
+  var o;
+  const r = await ze(e);
+  if (!r || !Array.isArray((o = r.payload) == null ? void 0 : o[W.SCOPES_KEY]))
     return !1;
-  const n = r.payload[R.SCOPES_KEY];
-  return Array.isArray(t) ? t.every((o) => n.includes(o)) : Object.keys(t).some(
-    (o) => t[o].every((i) => n.includes(i))
+  const n = r.payload[W.SCOPES_KEY];
+  return Array.isArray(t) ? t.every((a) => n.includes(a)) : Object.keys(t).some(
+    (a) => t[a].every((i) => n.includes(i))
   );
-}, je = (e, t) => {
+}, it = (e, t) => {
   const r = e == null ? void 0 : e.cookie;
   if (typeof r != "string")
     return;
-  const n = new RegExp(`auth.${t}.session=(.+?)(?:;|$)`), a = r.match(n);
-  if (a)
-    return a[1];
-}, dt = ({ headers: e, clientId: t }) => je(e, t) || "";
+  const n = new RegExp(`auth.${t}.session=(.+?)(?:;|$)`), o = r.match(n);
+  if (o)
+    return o[1];
+}, yt = ({ headers: e, clientId: t }) => it(e, t) || "";
 export {
-  nt as API_TYPE,
-  et as AUTH_TYPES,
-  ne as BODY,
-  tt as HEADERS,
-  R as JWT,
-  ae as JWT_PUBLIC_KEY,
-  rt as TOKEN_EXPIRATION,
-  at as decodeToken,
-  re as generateCodeChallenge,
-  dt as getSession,
-  ct as getToken,
-  st as isGranted,
-  ot as pkceChallengePair,
-  Me as verifyAndExtractToken,
-  it as verifyChallenge
+  dt as API_TYPE,
+  ct as AUTH_TYPES,
+  se as BODY,
+  st as HEADERS,
+  W as JWT,
+  ue as JWT_PUBLIC_KEY,
+  ut as TOKEN_EXPIRATION,
+  ft as decodeToken,
+  ce as generateCodeChallenge,
+  yt as getSession,
+  pt as getToken,
+  mt as isGranted,
+  lt as pkceChallengePair,
+  ze as verifyAndExtractToken,
+  ht as verifyChallenge
 };

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@versini/auth-common",
-	"version": "4.1.1",
+	"version": "4.1.3",
 	"license": "MIT",
 	"author": "Arno Versini",
 	"publishConfig": {
@@ -33,8 +33,8 @@
 		"test:coverage": "vitest run --coverage"
 	},
 	"dependencies": {
-		"jose": "5.8.0",
+		"jose": "5.9.3",
 		"uuid": "10.0.0"
 	},
-	"gitHead": "16ca50ac8e015645757fa8afee0cf1ef80e53cb7"
+	"gitHead": "40dc7c7a47965743b8f2a7e7e8d1c4c39736bdfd"
 }